<?php
declare (strict_types = 1);

namespace app\common\middleware;

use app\common\exception\Http;
use app\common\request\AuthRequest;

class BaseAuth
{
    /**
     *
     * User Reborn
     * Time 2020/4/2 11:18
     * @param $request
     * @param \Closure $next
     * @return mixed
     * @throws Http
     * @throws \HttpRequestException
     */
    public function handle($request, \Closure $next)
    {
        $info=(new AuthRequest())->scene('auth')->validate($request->header());

        if('48809036151375734880903615137573' != $info['didi-token']){
            $app_scrert = array(
                1 => 4880903615137571,
                3 => 4880932162336152,
                4 => 4880903615137573,
                5 => 4880903615137588
            );

            list($app_id,$user_id,$login_token,$version,$token_time)=array_values($info);
            $app_scrert=$app_scrert[$app_id];
            if($info['didi-token'] != md5($app_id . $app_scrert . $user_id . $login_token . $version . $token_time)){
                throw new Http('token错误');
            }

            if(time() - $info['time'] > 3600){
                throw new Http('token已失效');
            }
        }

        return $next($request);
    }
}
